Require Client Certificates
An XCCDF Rule
Description
SSLVerifyClient should be set and configured to require by
setting the following in /etc/httpd/conf/httpd.conf:
SSLVerifyClient require
Rationale
Web sites requiring authentication within the DoD must utilize PKI as an authentication mechanism for web users. Information systems residing behind web servers requiring authorization based on individual identity must use the identity provided by certificate-based authentication to support access control decisions.
- ID
- xccdf_org.ssgproject.content_rule_httpd_require_client_certs
- Severity
- Medium
- References
- Updated